On Tue, 2004-10-19 at 13:37 +0100, Timothy Murphy wrote:
> On Tuesday 19 October 2004 13:12, Barry O'Donovan wrote:
>> > > Will they be able to get past my filewall?
> > > (I'm running the standard shorewall setup.)
> >
> > If you have those log messages they already are past your firewall.
> > Either it's not running, it's not configured properly or you've
> > configured it to allow SSH access through.
>> That is what I thought.
> However, I just followed the model in the shorewall "two-interfaces" setup.
My personal theory on this is that if I'M not running any services (eg:
httpd or sshd or cupsd) on a public interface (localhost is ok) then I
don't need a firewall. My reason is that if there are no services
running then having a firewall is just running a service that could be
compromised. I may be wrong, but I'm sure I'll be corrected if I am :)
One of the beautiful things about Linux is that you can turn off
services.
--
Aidan Delaney email: adelaney at cs.may.ie
web: http://www.cs.may.ie/~adelaney
gpg: http://www.cs.may.ie/~adelaney/public_key.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.linux.ie/pipermail/ilug/attachments/20041019/d2619e08/attachment.pgp
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
